The present invention relates in general to the need of users in the modern computer age for easy, affordable and immediate access to their personal information covering many aspects of daily life, including but not limited to sensitive financial, economic and work-related data files, up-to-date medical records, other important personal files, and the access data for their many registered and favorite websites. The invention also relates to secured personal data exchange, storage and handling processes carried out through a combined computer, Internet and telephony based system.
More particularly, the invention relates to dedicated combined computer, Internet and telephony systems that allow a plurality of users to access, store and manage their personal data in a safe and secured way, using a personal data authenticator that functions as a smart, advanced token: it provides safe and highly secured access to the system and stores a vast, regularly updated amount of the user's personal data on an easy-to-carry token.
The communication channels, data storage size and data throughput capacity required of modern computer systems, and of their users' communication needs, are expanding rapidly in terms of operational performance, storage capacity and the associated technical capabilities. In many cases modern computer systems must also support communication between users and various computer-supported services, enabling the handling and exchange of very large data files between service and information providers and their clients. Systems that handle such large files are in many cases required to securely manage textual, numeric, imagery, audio, graphics and many other personal data files containing highly sensitive information about the system's users or clients. Such systems are typical of organizations such as hospitals, government and municipal agencies, banks, insurance companies and other financial institutions, whose needs are rapidly shifting towards higher data throughput and storage capacity while keeping the users' and clients' personal information fully secure and confidential.
In parallel, more and more users today want to use new technological solutions and methods to store their own personal data in small portable devices and access it easily, and through these devices to download, retrieve and manage most if not all of their personal data and daily operational needs. Users may also need to use their personal ID data to create personal files and other private files, and to access other large data files, through special, highly secured, dedicated computerized systems. By using such dedicated secured combined systems, users will be able to securely transfer and exchange sensitive and private personal data and information with other authorized specific users and with suppliers of large personal data files. These files may serve the growing needs for secured exchange, sharing and transfer of personal data on the part of external service providers and suppliers that use and generate highly personal data files, such as hospitals, banks, insurance companies, government offices and agencies, etc.
In order to get access to secured data files in most computerized systems users are usually required to be first recognized and identified by the computerized system as legitimate registered users, prior to getting access to the secured data files. Each one of these systems users is therefore required to first provide the computerized system with some data strings of secret information, unique to this user, in order to be recognized by the computerized system as a legitimate user and then the user is permitted to get entry access to the system. The process of the user being recognized and approved by a computerized system is called authentication. A two-factor authentication is an improved security process in which a user provides two types or means of his personal identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of or referred to as something a user has and something a user knows—a pass code. A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the known data, as a second factor, that goes with the bank card.
Hardware token generators available on the market may presently be used for authentication to enterprise systems. However, a hardware token generator only generates a token; the user or holder of the generator must then manually supply that token for authentication. For example, a two-factor authentication can require that the second factor be a “physical token,” i.e., something the user has, that can produce (i.e., display) the second-factor token (such as a numeric string), which the holder of the “physical token” then enters at a terminal providing access to the sought service. A drawback of a hardware token generator, however, is that a lost or stolen generator can be used to breach security or to commit fraud. Another drawback is that the user must manage an additional physical token for authentication purposes. Another drawback is that multiple hardware token generators are needed for multiple authentications to different systems. Also, a hardware token generator does not adequately protect against phishing by hackers and criminals, because a two-factor authentication that uses a presently available hardware token generator as the second factor is still susceptible to “man in the middle” type attacks.
The prior art covering some of these capabilities is described in several publications as detailed herein.
A method for writing medical prescriptions, storing, and accessing patient medical records with improved portability and improved patient data security using a USB dongle device is described in US Patent Application No. 20090204433, filed Aug. 13, 2009. The portable USB dongle device containing the patient records and software is easily removed and transported to other local terminals. The relevant application describes a method for controlling access to medical records comprising: A) providing a portable memory device which is able to store controlling software and said medical records; B) providing a display device which is operationally connected to a microprocessor which will display said medical records and will selectively control a display of said medical records; and C) using fingerprint biometric authentication.
Medicard by Walletex Microelectronics Ltd. (http://www.walletex.com), of 6300 N.W. 97 Ave., Miami, Fla. 33178, USA, is a credit-card-sized USB flash memory for the user's medical records. MediCard has a large, double-sided area that can be printed with the user's name, picture, doctors' names and phone numbers, information on allergies and medications, and other life-saving facts for emergency first responders. Its enhanced security offers strong AES encryption, password protection, memory partitioning (read-only part, secured part, public part) and a large memory capacity (up to 8 GB), and it may contain both data and application software. Optional features are biometric recognition and a magnetic strip.
US patent application No. 2008/0041940 A1, filed Jun. 4, 2007, partially covers some of the elements that were integrated into the Walletex Medicard device product. This patent application includes only two claims on a system which partially relates to the Medicard product as prior art. The first system claim is: A system of capturing and storing personal data, patient medical records and medical insurance and payment information comprising: a) providing a credit card-sized USB flash drive or similar device to store said patient medical records combined with a Smart Card or similar device to store said payment information including medical insurance and payment information such that said USB flash drive and Smart Card combination easily fits into one's wallet or worn on a necklace; and b) providing a USB jack and a means for emergency medical workers, hospital workers, and other health and medical workers to view and change said patient medical records; and c) providing a Smart Card and a means for health and medical workers to process said medical insurance and payment information, whereby said system will allow an individual to contain said patient medical record and said medical insurance and payment information in one small credit card-sized unit. Their second claim is: The credit card-sized USB flash drive or other device of claim 1 providing a mechanism for encrypting patient data such that it may only be viewed when a pass phrase, pin number, or similar phrase is entered by the owner via keyboard. Biometric information may also become available once Card development allows for this feature.
What we can learn from the relevant prior art is that medical data needs to be readily available to patients and to medical treatment teams when needed, but US patent application No. 2008/0041940 A1, as well as the Walletex product, do not cover several operational and security features and capabilities that the medical market requires and that are highly important for a fully acceptable and working solution. First, because of the sensitivity of medical records, access to them should be highly secured; a simple password, or even a single biometric access permit, as appears at the end of the second claim of the above-cited US patent application (without any supporting description in the body of that application), is not enough to ensure that a third party with malicious intentions will not be able to access the user's or patient's secured medical data. Also, the card of that application has no connectivity to or access from mobile phones, and especially the fast-growing numbers and types of smart phones, although such access is a real need in the modern living environment: these phones sustain the user's continuous voice and data communication with various service providers, as well as with medical support and aid services, wherever the user is located.
Also essentially missing in the Walletex device and the prior art of US application No. 2008/0041940 A1 is the capability to measure and sense that a live person is being authenticated as the user of the device while actually holding it, so as to prevent the user's access data, or even a silicon copy of his fingerprint, from being used to fake his presence and gain access to the user's secured personal information. This is true not only for personal medical records but is even more crucial and relevant for access to financial records, private data records and classified organizational records, when the user belongs to an organization and holds a special personal access permit for highly secured information that he needs to carry with him.
It is also highly recommended that, when access is given to sensitive medical records or other personal data files and the measured life signs of the device holder are not normal, the device should have the feature of self-initiating an emergency call, through the user's connected cell phone or by the user connecting to a host computer, to obtain safe access to a remote computer center that will call for emergency medical treatment or an urgent evacuation of the user to the nearby hospital. This requirement for a personal emergency device was addressed by prior art, but no practical device has yet been introduced successfully to the market.
There is also a need to create a hierarchy of access permit levels to the sensitive medical data stored in such a device, because the level of detail and amount of medical data on the patient required by a medical rescue team is different and much smaller in content and detail than the far more detailed and professional medical data required when the patient has to be professionally diagnosed and treated on arrival at the hospital emergency room.
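The liveness check, the emergency-call trigger on abnormal life signs and the hierarchy of access levels described above, modelled as an added illustrative access decision. This is not the invention's own code: the PIN, the requester roles, the tier names and the vital-sign thresholds are constructed assumptions for the illustration.

```python
from dataclasses import dataclass
from enum import Enum
import hashlib
import hmac


class Tier(Enum):
    NONE = 0
    EMERGENCY_SUMMARY = 1  # rescue team: allergies, medications, contacts
    FULL_RECORD = 2        # hospital ER: the complete professional record


# Constructed sample data held by the token: hash of the owner's memorized PIN
# ("something the user knows") and the access tier granted to each requester role.
OWNER_PIN_HASH = hashlib.sha256(b"1234").hexdigest()
ROLE_TIER = {"rescue_team": Tier.EMERGENCY_SUMMARY,
             "er_physician": Tier.FULL_RECORD}


@dataclass
class Vitals:
    """Life signs sensed while the holder grips the device (assumed sensors)."""
    pulse_bpm: int
    spo2_percent: int


def liveness_ok(v: Vitals) -> bool:
    """A live holder shows a pulse and oxygen saturation; a silicone
    fingerprint copy or stolen credentials alone do not. Thresholds are assumed."""
    return 30 <= v.pulse_bpm <= 220 and v.spo2_percent >= 50


def vitals_abnormal(v: Vitals) -> bool:
    """Life signs present but outside a normal range; thresholds are constructed."""
    return not (50 <= v.pulse_bpm <= 120 and v.spo2_percent >= 92)


def decide_access(token_present: bool, pin: str, vitals: Vitals,
                  requester_role: str) -> tuple:
    """Return (access tier, emergency_call).

    Access requires all three checks: the physical token ("has"), the PIN
    ("knows") and a live holder. The tier then depends on who is asking.
    Abnormal but present life signs still grant access and raise the
    emergency flag; absent life signs deny access outright."""
    if not token_present:
        return Tier.NONE, False
    offered = hashlib.sha256(pin.encode()).hexdigest()
    if not hmac.compare_digest(offered, OWNER_PIN_HASH):   # constant-time compare
        return Tier.NONE, False
    if not liveness_ok(vitals):
        return Tier.NONE, False
    tier = ROLE_TIER.get(requester_role, Tier.NONE)
    return tier, vitals_abnormal(vitals)
```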
Accordingly, there is a need to improve and enhance access control capabilities: first, to securely and efficiently authenticate the specific user before giving that user access to sensitive personal data files, and then, once the user has been authenticated at a very high level of security and reliability, to allow the user to safely and securely communicate and exchange his personal secured data with other specific authenticated and pre-approved users and, especially, with a wide spectrum of registered and approved service and dedicated data providers.
Modern cellular phones, known as smart phones, are frequently used as personal data storage and access devices, for applications such as holding the user's phone books and personal data records. The problem with this solution is that, because cellular phone models change frequently and these phones suffer many technical failures, critical user data is in many cases lost or corrupted during the devices' repair, maintenance and management procedures, as well as during the users' frequent changes and upgrades of cellular phones and personal computers to newer models. A better solution is therefore to separate the user's sensitive and private data storage and management functions from the cell phone's communication and display functions. The importance of this functional separation between private data storage functions and communication functions becomes especially apparent during all of the user's sensitive transfers, from one device to another, of private data that must be concealed and secured. In this respect, there is a need to hold the user's private data that must be secured on a separate, highly operational and reliable device, which adapts itself and acts as the user's portable private data storage device through all the change, upgrade and maintenance cycles that the user carries out on his cellular phone and/or personal computer. The user's personal portable data storage device must be able to be connected to, and then automatically and immediately communicate and interact with, the user's new or upgraded cellular phones; in parallel, the personal device must also be able to connect and interact with the user's personal computer, as well as with his computer terminal at work, whenever required.
This set of combined capabilities is especially required if the user wants to use the same device to store his own personal mass database of highly sensitive financial and/or medical records, combined with and containing textual, imagery, audio, graphics and figures, covering most if not all of the specific user's continuously updated personal, financial, medical and other modern life management information, while ensuring the highly demanding requirements of secured data maintenance.
Given these very high security and privacy maintenance requirements, and users' sensitivity to the fast-expanding technical means and operational trends of exchanging financial data and making financial transactions over modern computerized communication lines and networks such as the Internet and intranets, there is a need to improve the means and methods presently used for user interaction over those networks. Today these interactions are mainly protected only by the simple provision and exchange of user name and password information as the sole security means enabling users' access to financial institutions and banks, after which users may execute highly sensitive, top-security actions such as actual financial transactions and stock trading. It is therefore highly recommended and required to offer more advanced, practical means and solutions based on new technologies, providing enhanced and improved authentication, communication, data access and remote transaction execution, so as to provide much better personal financial data exchange, enhanced security for the exchange of sensitive and private information, and secured and safe storage of sensitive data and execution of deals. The present lack of such improved financial transaction security management solutions creates, across the existing markets, a vast spectrum of opportunities for hackers and criminals to access the sensitive financial data and related financial resources of users and organizations and then to commit criminal acts against them, through a wide spectrum of transactions based on misrepresentation that in practice use other users' money. These criminal activities presently cause hundreds of millions of US$ of direct damage annually to the injured users and organizations, and consequently also to the insurance companies that insure them through their banks and credit card companies.
In addition, there is thus a widely recognized need for, and it would be highly advantageous to have, a dedicated combined computer, Internet and telephony system supporting multiple authentication and the access and storage of users' sensitive and very private personal, financial and medical data, and then supporting the daily needs of a plurality of the system's pre-registered users to securely communicate and carry out their daily highly secured data interactions with multiple authorized, approved and secured service providers. A critical new security-supporting element is added to the system by the implementation and use of said dedicated hand-held devices: users communicate safely through the dedicated system and gain access to it by means of said hand-held apparatus, which has the capabilities of being a combined multi-level personal data authenticator and a secured, encrypted mass memory of personal or organizational sensitive and very private data, with immediate access for the user who carries his very private apparatus wherever he goes.
There is also a need for a highly secured computerized communication system. Such a system will be open only to pre-registered clients who have passed an enhanced security check, and the system's registered clients will gain access to the system only with their advanced, also pre-registered, authentication-managing token. This concept is expected to dramatically reduce the cases of criminal acts executing financial deals by electronic means, to enable better monitoring and detection of any suspicious deals, and to quickly and easily track hackers' attempts to enter the secured system. The system users' interaction with the secured system, enabled only by using their tokens, will provide each such user with an optimal way to first verify that his entry into and interaction with the system is fully authenticated and thus highly protected, then to track his deals as they are processed, and to monitor their final execution results before each deal is finally approved and finalized by the user.
It is therefore highly recommended, and there is a need, to have an operational and reliable solution that supports, for multiple registered users, secured communication and data management needs through a dedicated system, in which the system's users use their proposed private personal tokens, operating both as a combined personal data authenticator and as a secured mass-memory portable device for storing and handling personal or organizational data, to gain secured and safe access to said secured system and to external databases containing the sensitive private information of the system's users.